https://github.com/mutantmonkey/filtor

An allowlisting proxy for the Tor control port.
https://github.com/mutantmonkey/filtor

Last synced: 8 months ago
JSON representation

An allowlisting proxy for the Tor control port.

• Host: GitHub
• URL: https://github.com/mutantmonkey/filtor
• Owner: mutantmonkey
• License: wtfpl
• Created: 2014-03-12T02:44:36.000Z (about 12 years ago)
• Default Branch: main
• Last Pushed: 2024-08-06T09:19:56.000Z (almost 2 years ago)
• Last Synced: 2025-07-08T05:49:31.387Z (11 months ago)
• Language: Python
• Homepage:
• Size: 16.6 KB
• Stars: 5
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: COPYING

Awesome Lists containing this project

README

          
# filtor

An allowlisting proxy for the Tor control port.

## Rationale

The Tor Browser, when not used in "Transparent Torification" mode, requires

access to the Tor control port so that it can test that the browser is

configured to use Tor correctly and send a NEWNYM signal when the "New

Identity" button is clicked.

While these are nice features to have, exposing the control port to the browser

results in an increased attack surface. For example, an attacker could tamper

with the Tor configuration to only use relays that they control or obtain the

IP address of the machine running Tor by using the `GETINFO address` command.

Inspired by a [similar project written as part of

Whonix](https://www.whonix.org/wiki/Dev/Control_Port_Filter_Proxy), I wrote a

simple proxy that only allows commands necessary for operation of the Tor

Browser and rejects all others.

Note that this simple proxy does not enforce authentication; I do not believe

there are significant anonymity concerns with this, but this does present an

increased attack risk if someone compromises a user account on your machine. In

the future, I may add support for a separate auth cookie for the proxy itself,

so that authentication can be used without exposing the main Tor auth cookie

to your Torified VMs.

## Prerequisites

* Python 3+

## Usage

Note: if you already have Tor's control port running on port 9151

(`ControlPort 9151`), you can use filtor's `-p` option to change the port.

1. Install the proxy. Arch users can find a PKGBUILD in the AUR; other users

   should copy filtor to /usr/bin, copy filtor.service to /etc/systemd/system,

   and create a filtor user. (If you're not using systemd, you'll need to write

   your own initscript.)

2. Configure Tor; set the following options (and restart if necessary):

   ```

   ControlPort unix:/run/tor/control GroupWritable

   CookieAuthentication 1

   CookieAuthFile /run/tor/control.authcookie

   CookieAuthFileGroupReadable 1

   ```

3. Start filtor: `sudo systemctl start filtor.service`

## Security Advisory

Commit ad6a56520c8ae30d486200bb9c105c2de8b53fc3 introduced support for the

`ADD_ONION` command without filtering the allowed ports. This was on by default

and would allow an attacker to create an onion service for the actual control

port and bypass the filter. This feature was disabled by default with commit

19b7f7828c141bf9e326754e75ffc45ebabcc20b and must be enabled with the

`--allow-add-onion` argument.